Diffstat (limited to 'include')
-rw-r--r-- | include/crypto/if_alg.h | 17 | ||||
-rw-r--r-- | include/linux/audit.h | 22 |
2 files changed, 34 insertions, 5 deletions
diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h
index c5813c87de0..6650ae5761f 100644
--- a/include/crypto/if_alg.h
+++ b/include/crypto/if_alg.h
@@ -31,6 +31,9 @@ struct alg_sock {
 const struct af_alg_type *type;
 void *private;
+#ifdef CONFIG_AUDIT
+ int id;
+#endif
 };
 struct af_alg_completion {
@@ -46,6 +49,7 @@ struct af_alg_control {
 struct af_alg_type {
 void *(*bind)(const char *name, u32 type, u32 mask);
 void (*release)(void *private);
+ const char *(*alg_name)(void *private);
 int (*setkey)(void *private, const u8 *key, unsigned int keylen);
 int (*accept)(void *private, struct sock *sk);
@@ -62,6 +66,8 @@ struct af_alg_sgl {
 int af_alg_register_type(const struct af_alg_type *type);
 int af_alg_unregister_type(const struct af_alg_type *type);
+void af_alg_sk_destruct_child(struct sock *sk);
+
 int af_alg_release(struct socket *sock);
 int af_alg_accept(struct sock *sk, struct socket *newsock);
@@ -74,16 +80,17 @@ int af_alg_cmsg_send(struct msghdr *msg, struct af_alg_control *con);
 int af_alg_wait_for_completion(int err, struct af_alg_completion *completion);
 void af_alg_complete(struct crypto_async_request *req, int err);
+#ifdef CONFIG_AUDIT
+int af_alg_audit_crypto_op(struct sock *sk, const char *operation, int ctx2);
+#else
+#define af_alg_audit_crypto_op(sk, operation, ctx2) (0)
+#endif
+
 static inline struct alg_sock *alg_sk(struct sock *sk)
 {
 return (struct alg_sock *)sk;
 }
-static inline void af_alg_release_parent(struct sock *sk)
-{
- sock_put(alg_sk(sk)->parent);
-}
-
 static inline void af_alg_init_completion(struct af_alg_completion *completion)
 {
 init_completion(&completion->completion);
diff --git a/include/linux/audit.h b/include/linux/audit.h
index f391d45c8ae..a9516daa771 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
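Review bot: The new `alg_name` callback in `struct af_alg_type` (second hunk) carries no comment on who owns the returned string or how long it stays valid, and unlike its neighbours it hands a pointer to the audit path, so the contract matters. I would put above it `/* Name of the bound algorithm for audit records; the returned pointer is not freed by the caller and must remain valid while @private is alive. */`, with the lifetime part confirmed against the type implementations, which are not in this diff. The definition of `struct af_alg_type` continues outside the hunk.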
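Review bot: The `!CONFIG_AUDIT` fallback `#define af_alg_audit_crypto_op(sk, operation, ctx2) (0)` in the last hunk of if_alg.h drops its arguments without evaluating or type-checking them, so a caller whose only use of a local is this call gets an unused-variable warning in non-audit builds, and an argument expression with side effects behaves differently between the two configurations. A stub of the form `static inline int af_alg_audit_crypto_op(struct sock *sk, const char *operation, int ctx2) { return 0; }` keeps both builds type-checked at no cost; the same `(0)` macro pattern is used for the `audit_log_crypto_op` fallback in the final hunk of include/linux/audit.h. Separately, `af_alg_release_parent` is removed from this public header while the diffstat is limited to include/, so its users in the algif_* modules presumably move to `af_alg_sk_destruct_child` in parts of the commit not shown here; that should be checked.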
@@ -122,6 +122,8 @@
 #define AUDIT_MAC_UNLBL_STCADD 1416 /* NetLabel: add a static label */
 #define AUDIT_MAC_UNLBL_STCDEL 1417 /* NetLabel: del a static label */
+#define AUDIT_CRYPTO_USERSPACE_OP 1600 /* User-space crypto operation */
+
 #define AUDIT_FIRST_KERN_ANOM_MSG 1700
 #define AUDIT_LAST_KERN_ANOM_MSG 1799
 #define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */
@@ -219,6 +221,7 @@
 #define AUDIT_PERM 106
 #define AUDIT_DIR 107
 #define AUDIT_FILETYPE 108
+#define AUDIT_CRYPTO_OP 109
 #define AUDIT_ARG0 200
 #define AUDIT_ARG1 (AUDIT_ARG0+1)
@@ -314,6 +317,13 @@ enum {
 #define AUDIT_PERM_READ 4
 #define AUDIT_PERM_ATTR 8
+#define AUDIT_CRYPTO_OP_TFM_NEW 1
+#define AUDIT_CRYPTO_OP_TFM_KEY_IMPORT 2
+#define AUDIT_CRYPTO_OP_TFM_DEL 3
+#define AUDIT_CRYPTO_OP_CTX_NEW 4
+#define AUDIT_CRYPTO_OP_CTX_OP 5
+#define AUDIT_CRYPTO_OP_CTX_DEL 6
+
 struct audit_status {
 __u32 mask; /* Bit mask for valid entries */
 __u32 enabled; /* 1 = enabled, 0 = disabled */
@@ -478,6 +488,8 @@ extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
 const struct cred *new,
 const struct cred *old);
 extern void __audit_log_capset(pid_t pid, const struct cred *new, const struct cred *old);
+extern int __audit_log_crypto_op(int op, int tfm, int ctx, int ctx2,
+ const char *algorithm, const char *operation);
 static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
 {
@@ -531,6 +543,15 @@ static inline void audit_log_capset(pid_t pid, const struct cred *new,
 __audit_log_capset(pid, new, old);
 }
+static inline int audit_log_crypto_op(int op, int tfm, int ctx, int ctx2,
+ const char *algorithm,
+ const char *operation)
+{
+ if (unlikely(!audit_dummy_context()))
+ return __audit_log_crypto_op(op, tfm, ctx, ctx2, algorithm, operation);
+ return 0;
+}
+
 extern int audit_n_rules;
 extern int audit_signals;
 #else
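Review bot: The six `AUDIT_CRYPTO_OP_*` values in the `@@ -314` hunk are placed directly after the `AUDIT_PERM_*` bit flags but are ordinal codes 1..6, not a bitmask, and nothing ties them to the `op` argument of `audit_log_crypto_op()`; a reader may try to OR them together. I would precede the group with `/* Values for the 'op' field of AUDIT_CRYPTO_USERSPACE_OP records; an enumeration, not a bitmask */`, on the assumption (not verifiable here) that `op` is what callers pass there. `AUDIT_CRYPTO_OP 109` in the `@@ -219` hunk is a new rule field type next to `AUDIT_FILETYPE` and would benefit from a similar one-line comment saying which record field it filters on.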
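Review bot: `__audit_log_crypto_op()` in the `@@ -478` hunk takes `algorithm` and `operation` as plain `const char *` and its body is outside this diff; whether `alg_name()` returns the kernel-registered algorithm name or the string user space supplied to bind(2) is not visible here, and if it can be the latter the implementation should emit it with `audit_log_untrustedstring()` rather than a plain `%s` so a crafted name cannot inject fields into the record. Worth stating on the prototype: `/* @algorithm may derive from a user-supplied name; log it as an untrusted string */`. The `audit_log_crypto_op()` wrapper in the `@@ -531` hunk mirrors `audit_log_capset()` by gating on `audit_dummy_context()`, which means operations are only recorded for tasks with a syscall audit context; that is consistent with the file but deserves a comment since crypto operations are not otherwise syscall-bound.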
@@ -564,6 +585,7 @@ extern int audit_signals;
 #define audit_mq_getsetattr(d,s) ((void)0)
 #define audit_log_bprm_fcaps(b, ncr, ocr) ({ 0; })
 #define audit_log_capset(pid, ncr, ocr) ((void)0)
+#define audit_log_crypto_op(op, tfm, ctx, ctx2, algorithm, operation) (0)
 #define audit_ptrace(t) ((void)0)
 #define audit_n_rules 0
 #define audit_signals 0